diff --git a/README b/README
deleted file mode 100644
--- a/README
+++ /dev/null
@@ -1 +0,0 @@
-Placeholder README for Solus Operating System packages
diff --git a/actions.py b/actions.py
deleted file mode 100644
--- a/actions.py
+++ /dev/null
@@ -1,14 +0,0 @@
-
-#!/usr/bin/python
-
-
-from pisi.actionsapi import shelltools, get, autotools, pisitools
-
-from pisi.actionsapi.shelltools import system
-
-def build():
- system ("./build_certs.sh")
-
-def install():
- pisitools.insinto ("/etc/ssl/certs", "certs/*.pem")
- pisitools.insinto ("/etc/ssl/certs", "BLFS-ca-bundle*.crt", "ca-certificates.crt")
diff --git a/comar/package.py b/comar/package.py
deleted file mode 100644
--- a/comar/package.py
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env python
-import os
-
-def postInstall(fromVersion, fromRelease, toVersion, toRelease):
- os.system ("c_rehash")
-
diff --git a/component.xml b/component.xml
deleted file mode 100644
--- a/component.xml
+++ /dev/null
@@ -1,3 +0,0 @@
-
- system.base
-
diff --git a/files/build_certs.sh b/files/build_certs.sh
deleted file mode 100755
--- a/files/build_certs.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-url="http://anduin.linuxfromscratch.org/BLFS/other/certdata.txt"
-
-curl $url -o certdata.txt &&
-unset url &&
-./make-ca.sh &&
-./remove-expired-certs.sh certs
diff --git a/files/make-ca.sh b/files/make-ca.sh
deleted file mode 100755
--- a/files/make-ca.sh
+++ /dev/null
@@ -1,102 +0,0 @@
-#!/bin/sh
-# Begin make-ca.sh
-# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs
-#
-# The file certdata.txt must exist in the local directory
-# Version number is obtained from the version of the data.
-#
-# Authors: DJ Lucas
-# Bruce Dubbs
-#
-# Version 20120211
-
-# Some data in the certs have UTF-8 characters
-export LANG=en_US.utf8
-
-certdata="certdata.txt"
-
-if [ ! -r $certdata ]; then
- echo "$certdata must be in the local directory"
- exit 1
-fi
-
-REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')
-
-if [ -z "${REVISION}" ]; then
- echo "$certfile has no 'Revision' in CVS_ID"
- exit 1
-fi
-
-VERSION=$(echo $REVISION | cut -f2 -d" ")
-
-TEMPDIR=$(mktemp -d)
-TRUSTATTRIBUTES="CKA_TRUST_SERVER_AUTH"
-BUNDLE="BLFS-ca-bundle-${VERSION}.crt"
-CONVERTSCRIPT="./make-cert.pl"
-SSLDIR="/etc/ssl"
-
-mkdir "${TEMPDIR}/certs"
-
-# Get a list of starting lines for each cert
-CERTBEGINLIST=$(grep -n "^# Certificate" "${certdata}" | cut -d ":" -f1)
-
-# Get a list of ending lines for each cert
-CERTENDLIST=`grep -n "^CKA_TRUST_STEP_UP_APPROVED" "${certdata}" | cut -d ":" -f 1`
-
-# Start a loop
-for certbegin in ${CERTBEGINLIST}; do
- for certend in ${CERTENDLIST}; do
- if test "${certend}" -gt "${certbegin}"; then
- break
- fi
- done
-
- # Dump to a temp file with the name of the file as the beginning line number
- sed -n "${certbegin},${certend}p" "${certdata}" > "${TEMPDIR}/certs/${certbegin}.tmp"
-done
-
-unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend
-
-mkdir -p certs
-rm -f certs/* # Make sure the directory is clean
-
-for tempfile in ${TEMPDIR}/certs/*.tmp; do
- # Make sure that the cert is trusted...
- grep "CKA_TRUST_SERVER_AUTH" "${tempfile}" | \
- egrep "TRUST_UNKNOWN|NOT_TRUSTED" > /dev/null
-
- if test "${?}" = "0"; then
- # Throw a meaningful error and remove the file
- cp "${tempfile}" tempfile.cer
- perl ${CONVERTSCRIPT} > tempfile.crt
- keyhash=$(openssl x509 -noout -in tempfile.crt -hash)
- echo "Certificate ${keyhash} is not trusted! Removing..."
- rm -f tempfile.cer tempfile.crt "${tempfile}"
- continue
- fi
-
- # If execution made it to here in the loop, the temp cert is trusted
- # Find the cert data and generate a cert file for it
-
- cp "${tempfile}" tempfile.cer
- perl ${CONVERTSCRIPT} > tempfile.crt
- keyhash=$(openssl x509 -noout -in tempfile.crt -hash)
- if [ "$(file -b --mime-encoding tempfile.crt)" = "iso-8859-1" ]; then
- iconv -f iso-8859-1 -t ascii//TRANSLIT tempfile.crt -o tempfile.crt
- echo "Fix encoding for ${keyhash}"
- fi
- mv tempfile.crt "certs/${keyhash}.pem"
- rm -f tempfile.cer "${tempfile}"
- echo "Created ${keyhash}.pem"
-done
-
-# Remove blacklisted files
-# MD5 Collision Proof of Concept CA
-if test -f certs/8f111d69.pem; then
- echo "Certificate 8f111d69 is not trusted! Removing..."
- rm -f certs/8f111d69.pem
-fi
-
-# Finally, generate the bundle and clean up.
-cat certs/*.pem > ${BUNDLE}
-rm -r "${TEMPDIR}"
diff --git a/files/make-cert.pl b/files/make-cert.pl
deleted file mode 100755
--- a/files/make-cert.pl
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/perl -w
-
-# Used to generate PEM encoded files from Mozilla certdata.txt.
-# Run as ./make-cert.pl > certificate.crt
-#
-# Parts of this script courtesy of RedHat (mkcabundle.pl)
-#
-# This script modified for use with single file data (tempfile.cer) extracted
-# from certdata.txt, taken from the latest version in the Mozilla NSS source.
-# mozilla/security/nss/lib/ckfw/builtins/certdata.txt
-#
-# Authors: DJ Lucas
-# Bruce Dubbs
-#
-# Version 20120211
-
-my $certdata = './tempfile.cer';
-
-open( IN, "cat $certdata|" )
- || die "could not open $certdata";
-
-my $incert = 0;
-
-while ( )
-{
- if ( /^CKA_VALUE MULTILINE_OCTAL/ )
- {
- $incert = 1;
- open( OUT, "|openssl x509 -text -inform DER -fingerprint" )
- || die "could not pipe to openssl x509";
- }
-
- elsif ( /^END/ && $incert )
- {
- close( OUT );
- $incert = 0;
- print "\n\n";
- }
-
- elsif ($incert)
- {
- my @bs = split( /\\/ );
- foreach my $b (@bs)
- {
- chomp $b;
- printf( OUT "%c", oct($b) ) unless $b eq '';
- }
- }
-}
diff --git a/files/remove-expired-certs.sh b/files/remove-expired-certs.sh
deleted file mode 100755
--- a/files/remove-expired-certs.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-# Begin /usr/sbin/remove-expired-certs.sh
-#
-# Version 20120211
-
-# Make sure the date is parsed correctly on all systems
-mydate()
-{
- local y=$( echo $1 | cut -d" " -f4 )
- local M=$( echo $1 | cut -d" " -f1 )
- local d=$( echo $1 | cut -d" " -f2 )
- local m
-
- if [ ${d} -lt 10 ]; then d="0${d}"; fi
-
- case $M in
- Jan) m="01";;
- Feb) m="02";;
- Mar) m="03";;
- Apr) m="04";;
- May) m="05";;
- Jun) m="06";;
- Jul) m="07";;
- Aug) m="08";;
- Sep) m="09";;
- Oct) m="10";;
- Nov) m="11";;
- Dec) m="12";;
- esac
-
- certdate="${y}${m}${d}"
-}
-
-OPENSSL=/usr/bin/openssl
-DIR=/etc/ssl/certs
-
-if [ $# -gt 0 ]; then
- DIR="$1"
-fi
-
-certs=$( find ${DIR} -type f -name "*.pem" -o -name "*.crt" )
-today=$( date +%Y%m%d )
-
-for cert in $certs; do
- notafter=$( $OPENSSL x509 -enddate -in "${cert}" -noout )
- date=$( echo ${notafter} | sed 's/^notAfter=//' )
- mydate "$date"
-
- if [ ${certdate} -lt ${today} ]; then
- echo "${cert} expired on ${certdate}! Removing..."
- rm -f "${cert}"
- fi
-done
diff --git a/package.yml b/package.yml
new file mode 100644
--- /dev/null
+++ b/package.yml
@@ -0,0 +1,22 @@
+name : ca-certs
+version : 20200513
+release : 39
+source :
+ - https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt : f3bdcd74612952da8476a9d4147f50b29ad0710b7dd95b4c8690500209986d70
+ - https://raw.githubusercontent.com/agl/extract-nss-root-certs/492d8c9/convert_mozilla_certdata.go : 30afd0ca1df9b7788b830485645c4a2f72b07c1c9eb5c66941ae3d0b87e9e623
+license :
+ - Apache-2.0 # Conversion script
+ - MPL-2.0 # Actual cert file
+component : system.base
+summary : Certificate Authority Files
+description: |
+ The Public Key Inrastructure is used for many security issues in a Linux system. In order for a certificate to be trusted, it must be signed by a trusted agent called a Certificate Authority (CA).
+extract : no
+builddeps :
+ - golang
+setup : |
+ ln -s $sources/* $workdir
+build : |
+ go run convert_mozilla_certdata.go --to-files
+install : |
+ install -Dm00644 *.pem -t $installdir/etc/ssl/certs
diff --git a/pspec_x86_64.xml b/pspec_x86_64.xml
new file mode 100644
--- /dev/null
+++ b/pspec_x86_64.xml
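Review bot: The first `source` entry fetches `certdata.txt` from the moving `raw-file/default/` ref while the converter script is pinned to commit `492d8c9`, so the recorded SHA-256 will stop matching as soon as Mozilla changes the trust store and `version : 20200513` cannot be rebuilt or audited later. Pin the trust data to a fixed revision as well, e.g. `raw-file/<PINNED_REVISION>/security/nss/lib/ckfw/builtins/certdata.txt` (placeholder, to be filled with the revision that produced this hash). Separately, `install` ships only name-based `*.pem` files, whereas the deleted `actions.py` also installed a `ca-certificates.crt` bundle and the deleted `comar/package.py` ran `c_rehash`. OpenSSL `CApath` lookups rely on hash-named entries, so unless a trigger outside this diff regenerates the hash links and the bundle, clients may fail verification or be configured to skip it. The expiry pruning done by the removed `remove-expired-certs.sh` has no counterpart in `build` either, so it is worth confirming that the converter's own trust filtering is enough.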
@@ -0,0 +1,172 @@ + + + ca-certs + + Fabio Forni + livingsilver94.solus@redaril.me + + Apache-2.0 + MPL-2.0 + system.base + Certificate Authority Files + The Public Key Inrastructure is used for many security issues in a Linux system. In order for a certificate to be trusted, it must be signed by a trusted agent called a Certificate Authority (CA). + + https://getsol.us/sources/README.Solus + + + ca-certs + Certificate Authority Files + The Public Key Inrastructure is used for many security issues in a Linux system. In order for a certificate to be trusted, it must be signed by a trusted agent called a Certificate Authority (CA). + + system.base + + /etc/ssl/certs/ACCVRAIZ1.pem + /etc/ssl/certs/AC_RAIZ_FNMT-RCM.pem + /etc/ssl/certs/Actalis_Authentication_Root_CA.pem + /etc/ssl/certs/AddTrust_External_Root.pem + /etc/ssl/certs/AffirmTrust_Commercial.pem + /etc/ssl/certs/AffirmTrust_Networking.pem + /etc/ssl/certs/AffirmTrust_Premium.pem + /etc/ssl/certs/AffirmTrust_Premium_ECC.pem + /etc/ssl/certs/Amazon_Root_CA_1.pem + /etc/ssl/certs/Amazon_Root_CA_2.pem + /etc/ssl/certs/Amazon_Root_CA_3.pem + /etc/ssl/certs/Amazon_Root_CA_4.pem + /etc/ssl/certs/Atos_TrustedRoot_2011.pem + /etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem + /etc/ssl/certs/Baltimore_CyberTrust_Root.pem + /etc/ssl/certs/Buypass_Class_2_Root_CA.pem + /etc/ssl/certs/Buypass_Class_3_Root_CA.pem + /etc/ssl/certs/CA_Disig_Root_R2.pem + /etc/ssl/certs/CFCA_EV_ROOT.pem + /etc/ssl/certs/COMODO_Certification_Authority.pem + /etc/ssl/certs/COMODO_ECC_Certification_Authority.pem + /etc/ssl/certs/COMODO_RSA_Certification_Authority.pem + /etc/ssl/certs/Certigna.pem + /etc/ssl/certs/Certigna_Root_CA.pem + /etc/ssl/certs/Certum_Trusted_Network_CA.pem + /etc/ssl/certs/Certum_Trusted_Network_CA_2.pem + /etc/ssl/certs/Chambers_of_Commerce_Root_-_2008.pem + /etc/ssl/certs/Comodo_AAA_Services_root.pem + /etc/ssl/certs/Cybertrust_Global_Root.pem + 
/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.pem + /etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.pem + /etc/ssl/certs/DST_Root_CA_X3.pem + /etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem + /etc/ssl/certs/DigiCert_Assured_ID_Root_G2.pem + /etc/ssl/certs/DigiCert_Assured_ID_Root_G3.pem + /etc/ssl/certs/DigiCert_Global_Root_CA.pem + /etc/ssl/certs/DigiCert_Global_Root_G2.pem + /etc/ssl/certs/DigiCert_Global_Root_G3.pem + /etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem + /etc/ssl/certs/DigiCert_Trusted_Root_G4.pem + /etc/ssl/certs/E-Tugra_Certification_Authority.pem + /etc/ssl/certs/EC-ACC.pem + /etc/ssl/certs/EE_Certification_Centre_Root_CA.pem + /etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem + /etc/ssl/certs/Entrust_Root_Certification_Authority.pem + /etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.pem + /etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.pem + /etc/ssl/certs/Entrust_Root_Certification_Authority_-_G4.pem + /etc/ssl/certs/GDCA_TrustAUTH_R5_ROOT.pem + /etc/ssl/certs/GTS_Root_R1.pem + /etc/ssl/certs/GTS_Root_R2.pem + /etc/ssl/certs/GTS_Root_R3.pem + /etc/ssl/certs/GTS_Root_R4.pem + /etc/ssl/certs/GeoTrust_Global_CA.pem + /etc/ssl/certs/GeoTrust_Primary_Certification_Authority.pem + /etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.pem + /etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.pem + /etc/ssl/certs/GeoTrust_Universal_CA.pem + /etc/ssl/certs/GeoTrust_Universal_CA_2.pem + /etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.pem + /etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.pem + /etc/ssl/certs/GlobalSign_Root_CA.pem + /etc/ssl/certs/GlobalSign_Root_CA_-_R2.pem + /etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem + /etc/ssl/certs/GlobalSign_Root_CA_-_R6.pem + /etc/ssl/certs/Global_Chambersign_Root_-_2008.pem + /etc/ssl/certs/Go_Daddy_Class_2_CA.pem + /etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem + /etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem + 
/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem + /etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem + /etc/ssl/certs/Hongkong_Post_Root_CA_1.pem + /etc/ssl/certs/Hongkong_Post_Root_CA_3.pem + /etc/ssl/certs/ISRG_Root_X1.pem + /etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.pem + /etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.pem + /etc/ssl/certs/Izenpe.com.pem + /etc/ssl/certs/LuxTrust_Global_Root_2.pem + /etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.pem + /etc/ssl/certs/NetLock_Arany_(Class_Gold)_Főtanúsítvány.pem + /etc/ssl/certs/Network_Solutions_Certificate_Authority.pem + /etc/ssl/certs/OISTE_WISeKey_Global_Root_GA_CA.pem + /etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.pem + /etc/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.pem + /etc/ssl/certs/QuoVadis_Root_CA.pem + /etc/ssl/certs/QuoVadis_Root_CA_1_G3.pem + /etc/ssl/certs/QuoVadis_Root_CA_2.pem + /etc/ssl/certs/QuoVadis_Root_CA_2_G3.pem + /etc/ssl/certs/QuoVadis_Root_CA_3.pem + /etc/ssl/certs/QuoVadis_Root_CA_3_G3.pem + /etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.pem + /etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem + /etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.pem + /etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.pem + /etc/ssl/certs/SZAFIR_ROOT_CA2.pem + /etc/ssl/certs/SecureSign_RootCA11.pem + /etc/ssl/certs/SecureTrust_CA.pem + /etc/ssl/certs/Secure_Global_CA.pem + /etc/ssl/certs/Security_Communication_RootCA2.pem + /etc/ssl/certs/Security_Communication_Root_CA.pem + /etc/ssl/certs/Sonera_Class_2_Root_CA.pem + /etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.pem + /etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G2.pem + /etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G3.pem + /etc/ssl/certs/Starfield_Class_2_CA.pem + /etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.pem + /etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.pem + /etc/ssl/certs/SwissSign_Gold_CA_-_G2.pem + 
/etc/ssl/certs/SwissSign_Silver_CA_-_G2.pem + /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem + /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.pem + /etc/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem + /etc/ssl/certs/TWCA_Global_Root_CA.pem + /etc/ssl/certs/TWCA_Root_Certification_Authority.pem + /etc/ssl/certs/Taiwan_GRCA.pem + /etc/ssl/certs/TeliaSonera_Root_CA_v1.pem + /etc/ssl/certs/TrustCor_ECA-1.pem + /etc/ssl/certs/TrustCor_RootCert_CA-1.pem + /etc/ssl/certs/TrustCor_RootCert_CA-2.pem + /etc/ssl/certs/Trustis_FPS_Root_CA.pem + /etc/ssl/certs/UCA_Extended_Validation_Root.pem + /etc/ssl/certs/UCA_Global_G2_Root.pem + /etc/ssl/certs/USERTrust_ECC_Certification_Authority.pem + /etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem + /etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem + /etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem + /etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.pem + /etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem + /etc/ssl/certs/XRamp_Global_CA_Root.pem + /etc/ssl/certs/certSIGN_ROOT_CA.pem + /etc/ssl/certs/ePKI_Root_Certification_Authority.pem + /etc/ssl/certs/emSign_ECC_Root_CA_-_C3.pem + /etc/ssl/certs/emSign_ECC_Root_CA_-_G3.pem + /etc/ssl/certs/emSign_Root_CA_-_C1.pem + /etc/ssl/certs/emSign_Root_CA_-_G1.pem + /etc/ssl/certs/thawte_Primary_Root_CA.pem + /etc/ssl/certs/thawte_Primary_Root_CA_-_G2.pem + /etc/ssl/certs/thawte_Primary_Root_CA_-_G3.pem + + + + + 2020-05-13 + 20200513 + Packaging update + Fabio Forni + livingsilver94.solus@redaril.me + + + \ No newline at end of file